last sync: 2020-Jul-09 14:13:40 UTC

Azure Policy

Unattached disks should be encrypted

Policy DisplayName Unattached disks should be encrypted
Policy Id 2c89a2e5-7285-40fe-afe0-ae8654b92fb2
Policy Category Compute
Policy Description This policy audits any unattached disk without encryption enabled.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: Audit
Allowed: (Audit,Disabled)
Roles used none
Policy Changes no changes
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
CIS Microsoft Azure Foundations Benchmark 1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d
[Preview]: Azure Security Benchmark 42a694ed-f65e-42b2-aa9e-8052e9740a92
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab
Policy Rule
{
  "properties": {
    "displayName": "Unattached disks should be encrypted",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy audits any unattached disk without encryption enabled.",
    "metadata": {
      "version": "1.0.0",
      "category": "Compute"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/disks"
          },
          {
            "field": "Microsoft.Compute/disks/diskState",
            "equals": "Unattached"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.Compute/disks/encryptionSettingsCollection.enabled",
                "exists": "false"
              },
              {
                "field": "Microsoft.Compute/disks/encryptionSettingsCollection.enabled",
                "equals": "false"
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "2c89a2e5-7285-40fe-afe0-ae8654b92fb2"
}